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EXAMINER'S AMENDMENT 

An examiner's amendment to the record appears below. Should the changes 
and/or additions be unacceptable to applicant, an amendment may be filed as provided 
by 37 CFR 1 .31 2. To ensure consideration of such an amendment, it MUST be 
submitted no later than the payment of the issue fee. 

Authorization for this examiner's amendment was given in a telephone interview 
with Amirali Sharifi, Registration No. 68,887, on March 8, 2012. 

The application has been amended as follows: 

Claims 1, 2, 7, 15, 16, 23, 24, 25, 29, 30 have been amended as follows: 
1. (Currently Amended) A method comprising: 

receiving, using a processing device, a first request, from a first sponsor of an 
access candidate, for access to a first security level in a computer network, wherein the 
first security level secures computational resources for accessing electronic data; 

determining, using the processing device, whether access candidate attributes 
satisfy access requirements of the resources , whoro i n tho access cand i date attr i butes 
aro rov i sab l o basod, at l oast i n part, on a dotorm i nat i on i nd i cat i ng that access to tho f i rst 
l ovo l i s proh i b i ted: , such that: 

if access to the first security level is prohibited, allowing the first sponsor of 
the access candidate to revise the access candidate attributes and resubmit the revised 
access candidate attributes for reconsideration and repeating the determining: 
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if access to the first security level is not prohibited, granting , us i ng the 
process i ng dov i co, access to the first security level based on a dotorm i nat i on i nd i cat i ng 




receiving, using the processing device, a second request, from a second 
sponsor of the access candidate, for access to a second security level in the computer 
network in response to the granting of access to the first security level, wherein the 
second security level secures the electronic data; 

determining, using the processing device, whether the access candidate 
attributes satisfy access requirements of the electronic data secured by the second 
security level; 

obtaining authorization for the second request from a resolution authority if the 
access candidate attributes fail to satisfy the access requirements of the electronic data 
in response to a determination indicating that access to the second security level is 
prohibited; and 

in response to obtaining the authorization from the resolution authority, granting 
the access candidate access to the second security level. 

2. (Currently Amended) The method of Claim 1 , further comprising granting access 
to the second security level i n rosponso to dotorm i n i ng that if the access candidate 
attributes satisfy the access requirements of the electronic data. 




that- 



to tho f i rst l ovo l i s not proh i b i ted ; 



7. 



(Currently Amended) A method comprising: 
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receiving, using a processing device, a first request, from a first sponsor of an 
access candidate, for physical access to a computer network; 

determining, using the processing device, whether access candidate attributes 
satisfy access requirements of physical access, whoro i n tho access cand i date attr i butes 
aro rov i sab l o basod, at l oast i n part, on a dotorm i nat i on i nd i cat i ng that phys i ca l access 
i s proh i b i tod; such that 

if physical access to the computer network is prohibited, allowing the first 
sponsor of the access candidate to revise the access candidate attributes and resubmit 
the revised access candidate attributes for reconsideration and repeating the 
determining; 

if physical access to the computer network is not prohibited. granting T 
us i ng tho procoss i ng dov i co, the physical access to the computer network basod on a 
dotorm i nat i on i nd i cat i ng that phys i ca l accoss is not proh i b i tod ; 

receiving, using the processing device, a second request, from a second sponsor 
of the access candidate, for access to electronic data in the computer network in 
response to the granting of physical access to the computer network; 

determining, using the processing device, whether the access candidate 
attributes satisfy access requirements of the electronic data; 

obtaining authorization for the second request from a resolution authority if the 
access candidate attributes fail to satisfy access requirements of the electronic data in 
response to a determination indicating that access to the electronic data is prohibited; 
and 
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in response to obtaining the authorization from the resolution authority, granting 
the access candidate access to the electronic data. 



15. (Currently Amended) A method comprising: 

identifying, using a processing device, a plurality of data subsets of electronic 
data, wherein respective data subsets correspond to respective sets of access 
requirements; 

determining, using the processing device, at least one data class associated with 
the respective data subsets, the at least one data class identifying at least a citizenship 
requirement and a location requirement for access to data associated with the at least 
one data class; 

receiving, using the processing device, a first request, from a first sponsor of an 
access candidate, for access to a first security level in a computer network, wherein the 
first security level secures physical access to a computer workstation for accessing the 
electronic data, the first request including access attributes of the access candidate 
comprising an indication of a citizenship status of the access candidate, an indication of 
a current location of the access candidate, and an indication of an existence of a data 
access agreement with the access candidate; 

determining, using the processing device, whether the access candidate 
attributes satisfy access requirements of the first security level, whoro i n tho accoss 
cand i dato attr i butes aro rov i sab l o basod, at loast i n part, on a dotorm i nat i on i nd i cat i ng 
that accoss to tho f i rst socur i tv l ovol i s proh i b i ted: such that: 
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if access to the first security level is prohibited, allowing the first sponsor of 
the access candidate to revise the access candidate attributes and resubmit the revised 
access candidate attributes for reconsideration and repeating the determining; 

if access to the first security level is not prohibited, granting, us i ng tho process i ng 
dov i co, access to the first security level basod on a dotorm i nat i on i nd i cat i ng that access 
to tho f i rst secur i ty l ovo l i s not proh i b i ted ; 

receiving, using the processing device, a second request, from a second sponsor 
of the access candidate, for access to a second security level in the computer network 
in response to the granting of access to the first security level, wherein the second 
security level secures access to at least one of the plurality of data subsets; 

determining, using the processing device, whether the access candidate 
attributes satisfy the respective set of access requirements corresponding to the at least 
one of the plurality of data subsets; 

obtaining authorization for the second request from a resolution authority if the 
access candidate attributes fail to satisfy the respective set of access requirements 
corresponding to the at least one of the plurality of data subsets in response to a 
determination indicating that access to the at least one of the plurality of data subsets is 
prohibited; and 

in response to obtaining the authorization from the resolution authority, granting 
the access candidate access to the second security level. 



16. 



(Currently Amended) A system comprising: 
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storage means for receiving and storing electronic data using a computer 
network; 

means for evaluating a first request for access to one or more resources in the 
computer network, wherein the resources secure the electronic data, wherein an 
evaluation of the first request includes a first comparison of one or more attributes of the 
access candidate with one or more access requirements associated with the resources, 
and whoro i n tho ono or moro attr i butes of tho accoss cand i date aro rov i sab l o i f tho f i rst 
compar i son i nd i cates that access i s prohibited; ,such that: 

if the first comparison indicates that access is prohibited, means for 
allowing a sponsor of the access candidate to revise the one or more attributes of the 
access candidate and resubmit the revised attributes for reconsideration and repeating 
the determining; 

if the first comparison indicates that access is not prohibited, granting 
access to the one or more resources i f tho first compar i son i nd i cates that accoss i s not 
proh i b i ted ; 

means for evaluating a second request for access to the electronic data by the 
one or more resources, wherein an evaluation of the second request includes a second 
comparison of the one or more attributes of the access candidate with one or more 
access requirements associated with the electronic data; 

means for obtaining authorization for the second request from a resolution 
authority if the one or more attributes of the access candidate fails to satisfy one or 
more access requirements associated with the electronic data in response to the 
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evaluation of the second request indicating that access to the electronic data is 
prohibited; and 

means for granting, in response to obtaining the authorization from the resolution 
authority, the access candidate access to the electronic data using the one or more 
resources. 

23. (Cancelled) 

24. (Currently Amended) A method comprising: 

receiving, using a controller in a computer network associated with secured 
electronic data, a request for access to the secured electronic data in the computer 
network; 

comparing, using the controller, one or more attributes of an access candidate 
with one or more access requirements associated with the secured electronic data; 

obta i n i ng requesting authorization for the request from a resolution authority if 
the one or more attributes of the access candidate fails to satisfy the one or more 
access requirements associated with the secured electronic data; [[and]] 

in response to obta i n i ng or not obta i n i ng receiving the authorization from the 
resolution authority, granting or deny i ng in whole or in part, using the controller, access 
to the secured electronic data basod, at l oast i n part, on a dotorm i nat i on basod on 
access cand i date i nformat i on and roauost rolatod i nformat i on, ; and 
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whoro i n tho ono or moro attr i butes of tho access cand i dato aro rov i sab l o basod, 
at l east i n part, on a dotorm i nat i on deny i ng access to tho secured o l octron i c data 

in response to not receiving the authorization from the resolution authority, 
allowing a sponsor of the access candidate to revise the one or more attributes of the 
access candidate and resubmit the revised attributes for reconsideration and repeating 
the comparing . 

25. (Currently Amended) The method of Claim 24, further comprising granting 
access to the secured electronic data i n response to a compar i son i nd i cat i ng that 
access by tho access cand i dato i s not proh i bited if the one or more attributes of the 
access candidate satisfies the one or more access requirements associated with the 
secured electronic data . 

29. (Currently Amended) A method comprising: 

receiving, using a controller in a computer network associated with secured 
electronic data in the computer network, a request for access to the secured electronic 
data in the computer network; 

comparing, using the controller, one or more attributes of an access candidate 
with one or more access requirements associated with the secured electronic data [[;]] 
such that: 
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if access by the access candidate is not prohibited, granting, us i ng tho 
contro ll er, access to the secured electronic data i n response to a compar i son i nd i cat 




obta i n i ng if access by the access candidate is prohibited, requesting 
authorization for the request from a resolution authority i n response to a compar i son 
i nd i cat i ng that access by tho access candidate is proh i b i ted ; [[and]] 

in response to obta i n i ng or not obtaining receiving the authorization from the 
resolution authority, granting or deny i ng in whole or in part, using the controller, access 
to the secured electronic data based, at l east in part, on a dotorm i nat i on basod on 
access cand i date i nformat i on and request ro l atod i nformat i on, ; and 

where i n tho one or moro attr i butoo of tho aooooo oand i dato aro rov i sab l o based, 
at l east i n part, on a dotorm i nat i on deny i ng accocc to tho soourod o l ootron i o data 

in response to not receiving the authorization from the resolution authority, 
allowing a sponsor of the access candidate to revise the one or more attributes of the 
access candidate and resubmit the revised attributes for reconsideration and repeating 
the comparing . 

30. (Currently Amended) An article of manufacture including a non-transitory 
computer-readable medium having instructions stored thereon, execution of which 
causes a processing device to perform operations comprising: 

receiving, using a processing device, a request for access to a first security level 
in a computer network; 




that- 



by tho 



cand i date i s not prohib i ted ; 
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comparing, using the processing device, one or more attributes of an access 
candidate with one or more access requirements associated with the first security level, 
whoro i n tho ono or moro attr i butes of tho access cand i date aro rov i sab l o basod, at l oast 
i n part, on a dotorm i nat i on i nd i cat i ng that access by tho access cand i date to tho f i rst 
socur i tv l ovo l i s proh i b i ted; such that: 

if access to the first security level is prohibited, allowing a first sponsor of 
the access candidate to revise the one or more attributes of the access candidate and 
resubmit the revised attributes for reconsideration and repeating the comparing; 

if access to the first security level is not prohibited, granting, using the 
processing device, access to the first security level based on a comparison indicating 
that access by the access candidate to the first security level is not prohibited; 

receiving, using the processing device, a request for access to a second security 
level in the computer network; 

obtaining authorization for the request from a resolution authority in response to 
a comparison indicating that access to the second security level by the access 
candidate is prohibited. 

Allowable Subject Matter 

The following is an examiner's statement of reasons for allowance. 
Claim 1,7, 15, 16, 24, 29, 30 are allowed based on the following: 
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The prior art of record, considered individually or in combination, fails to fairly 
show or suggest: determining, using the processing device, whether access candidate 
attributes satisfy access requirements of the resources, wherein the access candidate 
attributes are revisable based, at least in part, on a determination indicating that access 
to the first level is prohibited, such that: if access to the first security level is prohibited, 
allowing the first sponsor of the access candidate to revise the access candidate 
attributes and resubmit the revised access candidate attributes for reconsideration and 
repeating the determining; and if access to the first security level is not prohibited, 
granting, using the processing device, access to the first security level, in addition to the 
other limitations in a manner as recited in claims 1 - 22, 24 - 38, 41 - 44. 

Claims 2 - 6, 38, 31 are allowed due to allowed base claim 1. 
Claims 8 - 14 are allowed due to allowed base claim 7. 
Claim 42 - 44 is allowed due to allowed base claim 15. 
Claims 17-22 are allowed due to allowed base claim 16. 
Claim 25 - 28 is allowed due to allowed base claim 24. 
Claim 31 - 37 is allowed due to allowed base claim 30. 

So as indicated by the above statements, Applicant's arguments have been 
considered persuasive, in light of the set of claims with limitations as well as the 
enabling portions of the specification. The dependent claims further limit the 
independent claims and are considered allowable on the same basis as the 
independent claims as well as for the further limitations set forth. 
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Any comments considered necessary by applicant must be submitted no later 
than the payment of the issue fee and, to avoid processing delays, should preferably 
accompany the issue fee. Such submissions should be clearly labeled "Comments on 
Statement of Reasons for Allowance." 



Conclusion 

Any comments considered necessary by applicant must be submitted no later 
than the payment of the issue fee and, to avoid processing delays, should preferably 
accompany the issue fee. Such submissions should be clearly labeled "Comments on 
Statement of Reasons for Allowance." 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to CARLTON JOHNSON whose telephone number is 
(571)270-1032. The examiner can normally be reached on Monday thru Friday , 8:00 - 
5:00PM EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami can be reached on 571-272-4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571 - 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
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For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Carlton V. Johnson 

Examiner 

Art Unit 2436 



CVJ 

February 27, 2012 



/Nasser Moazzami/ 

Supervisory Patent Examiner, Art Unit 2436 



